This archive is retained to ensure existing URLs remain functional. It will not contain any emails sent to this mailing list after July 1, 2024. For all messages, including those sent before and after this date, please visit the new location of the archive at https://mailman.ripe.net/archives/list/members-discuss@ripe.net/
[members-discuss] is the RIPE NCC GDPR compliant ?
- Previous message (by thread): [members-discuss] is the RIPE NCC GDPR compliant ?
- Next message (by thread): [members-discuss] is the RIPE NCC GDPR compliant ?
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Felipe Victolla Silveira
ripencc-management at ripe.net
Thu Feb 21 17:53:05 CET 2019
Dear Elvis, Thanks for your email. We haven't forgotten the issues that were raised at RIPE 77 and are working on them (some since before that meeting). In short, these are not trivial issues. They will take some time to resolve technically and some will depend on community input. But to address your points directly: 1. Ticketing Email is not the only way to open a ticket with the RIPE NCC. You can also use the RIPE NCC Contact Form or one of the request forms in the LIR Portal. This allows for the secure and confidential upload of documentation and avoids the issue you mention regarding links to documents appearing in email responses from the RIPE NCC. When people email us, we actively direct them to upload documents via the LIR Portal. We are working to address this, although there are limitations to what is possible with our ticketing system. A simple option would indeed be to no longer accept attachments via email, although we would need to balance this against the ability of people to interact effectively with the RIPE NCC. In the meantime, as we investigate different options, our staff are removing attachments from the ticketing system manually in order to mitigate these issues. 2. RIPE Database object creation We create PERSON objects for new LIRs to make things easier for them. Before they get started with the membership application form, we tell them how we intend to use the information they provide. We also make it clear that they should make sure they have permission to submit the personal data of third parties. Since before GDPR became an issue, our systems have created person-maintainer object pairs - we are looking at the implications of changing this to require role-maintainer pairs. Most of our work regarding the database over the past several months has focused on implementation of NWI-5 (out-of-region objects) and abuse-c validation, which was requested by the community. In 2019, we hope to be able to dedicate more resources to furthering work on the areas you identify. However, we also have to consider the wishes of the community. Our legal analysis of the RIPE Database and GDPR was based on input from RIPE community members. It essentially said that personal data is entered into the database for a specific purpose – to support coordination between network operators, which can be vital in the event of an outage or security incident. At RIPE 77, the question was raised in the Database Working Group whether PERSON objects are really required. If this is the case, then it affects our legal analysis. However, we can't decide this ourselves - we will need the community to make this determination. As we understand it, the community will be looking at this issue closer in 2019 - and we will be watching and supporting this process. Regarding your final point, our systems were never intended to cater to multiple LIRs and so the duplication you mention is a natural consequence of this. When thinking about changes to fix the issue, we need to consider the wisdom of spending resources to cater to this sub-set of members instead of improvements that would benefit the wider community and membership. Kind regards, Felipe Victolla Silveira Chief Operations Officer RIPE NCC
- Previous message (by thread): [members-discuss] is the RIPE NCC GDPR compliant ?
- Next message (by thread): [members-discuss] is the RIPE NCC GDPR compliant ?
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]